The people behind WhatsApp are rebutting a report contending that the app is vulnerable because your chats can be stored on an Android phone's SD card.

Earlier this week, DoubleThink chief technology officer Bas Bosschert posted a blog alleging that hackers could use a malicious app to tap into your WhatsApp conversations by uploading the database from the SD card to a Web site. To prove his point, Bosschert said he created an app that was able to snag and read the database files.

In response, a spokesperson for WhatsApp called the report "overstated" and issued the following statement sent to CNET:

We are aware of the reports regarding a "security flaw". Unfortunately, these reports have not painted an accurate picture and are overstated. Under normal circumstances the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps.

In essence, WhatsApp is saying that the fault lies not in our app but in Android itself, meaning any nasty piece of malware could access data on a device's SD card. WhatsApp's comment that it updated its app to further protect against malware sounds like a step in the right direction.

But in a comment to his original post, Bosschert said he tested the app again after the latest update, and the flaw still exists.

CNET contacted WhatsApp for comment and will update the story with any further details.

About the author

Journalist, software trainer, and Web developer Lance Whitney writes columns and reviews for CNET, Computer Shopper, Microsoft TechNet, and other technology sites. His first book, "Windows 8 Five Minutes at a Time," was published by Wiley & Sons in November 2012.
See full bio